초보의 공간

## rsyslog 를 이용한 client log를 원격지 LOG 수집서버로 쌓기

1) LOG SERVER conf 수정

vi /etc/rsyslog.conf

# provides UDP syslog reception

$ModLoad imudp                            -  주석제거

$UDPServerRun 514                         -  주석제거

$template FILENAME,"/var/log/%hostname%/%$YEAR%_%$MONTH%_%$DAY%.log"        - 추가

*.* ?FILENAME                                                                                                   - 추가

/etc/init.d/rsyslog restart

2) client conf

vi /etc/rsyslog.conf

syslog

#*.*;auth,authpriv.none         -/var/log/syslog            - 주석, 복사

*.*;auth,authpriv.none          @172.16.1.1:514            - @LOG Server IP:514

messages

*.=info;*.=notice;*.=warn;\

        auth,authpriv.none;\

        cron,daemon.none;\

        mail,news.none          @172.16.1.1:514

/etc/init.d/rsyslog restart

LOG 수집 서버에 /var/log/호스트네임/날짜 로 로그 수집이 되는지 확인. 끝.

참고 url : http://idchowto.com/?p=16367

http://egloos.zum.com/outspace/v/3091255

** 환경

CentOS 7 x86_64

Cacti 1.1.38 

****   centos 7.0 부터 iptables 설정이 아주 이상해졌다.

아래 과정을 꼭 해주길 권장한다.

systemctl stop firewalld

systemctl disable firewalld

/etc/selinux  - disabled

/etc/iptables.sh  생성관리

###  apache 2.4 설치

# Install Apache 2.4

sudo yum install httpd -y

sudo sed -i 's/^/#&/g' /etc/httpd/conf.d/welcome.conf

sudo sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/httpd/conf/httpd.conf

sudo systemctl start httpd.service

sudo systemctl enable httpd.service

###  MariaDB 10.2 설치

# Install MariaDB 10.2

curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash

sudo yum install MariaDB-server MariaDB-client -y

sudo systemctl start mariadb.service

sudo systemctl enable mariadb.service

###  MariDB root password 설정

# Secure MariaDB 10.2

sudo /usr/bin/mysql_secure_installation

# When prompted, answer questions as below:

# - Enter current password for root (enter for none): Just press the Enter button

# - Set root password? [Y/n]: Y

# - New password: your-MariaDB-root-password

# - Re-enter new password: your-MariaDB-root-password

# - Remove anonymous users? [Y/n]: Y

# - Disallow root login remotely? [Y/n]: Y

# - Remove test database and access to it? [Y/n]: Y

# - Reload privilege tables now? [Y/n]: Y

# Create a MariaDB database for Cacti

mysql -u root -p

# For security purposes, be sure to replace "cacti", "cactiuser", and "yourpassword" with your own ones. 

CREATE DATABASE cacti;

CREATE USER 'cactiuser'@'localhost' IDENTIFIED BY 'yourpassword';

GRANT ALL PRIVILEGES ON cacti.* TO 'cactiuser'@'localhost' IDENTIFIED BY 'yourpassword' WITH GRANT OPTION;

FLUSH PRIVILEGES;

EXIT;

###   PHP7.1 설치

# Install required PHP 7.1 components for Cacti

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

sudo yum install -y mod_php71w php71w-process php71w-common php71w-pdo php71w-xml php71w-ldap php71w-mbstring php71w-gd php71w-snmp php71w-mysqlnd php71w-cli php71w-mcrypt php71w-opcache php71w-imap php71w-intl

sudo cp /etc/php.ini /etc/php.ini.bak

sudo sed -i 's#;date.timezone =#date.timezone = America/Los_Angeles#' /etc/php.ini

###  CACTI 1.1.38 다운로드

wget https://www.cacti.net/downloads/cacti-1.1.38.tar.gz

cacti-1.1.38.tar.gz

tar zxvf cacti-1.1.38.tar.gz 

  mv /root/cacti-1.1.38 /opt/cacti

ln -s /opt/cacti-1.1.38 /var/www/html/cacti

touch /opt/cacti/log/cacti.log

 chown -R apache:apache /opt/cacti

###   CACTI SQL SB 추가

mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

mysql -u root -p cacti < /var/www/html/cacti/cacti.sql

mysql -u root -p

# In the MySQL shell:

GRANT SELECT ON mysql.time_zone_name TO cactiuser@localhost IDENTIFIED BY 'yourpassword';

FLUSH PRIVILEGES;

EXIT;

###    cacti config.php 수정

vi /var/www/html/cacti/include/config.php

$database_type     = 'mysql';

$database_default  = 'cacti';

$database_hostname = 'localhost';

$database_username = 'cactiuser';

$database_password = 'yourpassword';

$database_port     = '3306';

$database_ssl      = false;

$url_path = '/cacti/';

###  crontab 추가

 crontab -u apache -e

*/5 * * * * php /var/www/html/cacti/poller.php > /dev/null 2>&1

cat <<EOF | sudo tee -a /etc/httpd/conf.d/cacti.conf

<VirtualHost *:80>

ServerAdmin admin@example.com

DocumentRoot /var/www/html/

ServerName cacti.example.com

ServerAlias www.cacti.example.com

<Directory /var/www/html/cacti/>

Options FollowSymLinks

AllowOverride All

Order allow,deny

allow from all

</Directory>

ErrorLog /var/log/httpd/cacti.example.com-error_log

CustomLog /var/log/httpd/cacti.example.com-access_log common

</VirtualHost>

EOF

systemctl restart httpd.service

###  my.cnf 수정

vi /etc/my.cnf

[client]

default-character-set=utf8mb4

[mysql]

default-character-set=utf8mb4

[mysqld]

collation-server=utf8mb4_unicode_ci

init-connect='SET NAMES utf8mb4'

character-set-server = utf8mb4

max_heap_table_size=256M

tmp_table_size=80M

join_buffer_size=80M

innodb_buffer_pool_size=963M

innodb_doublewrite=OFF

innodb_flush_log_at_timeout=3

innodb_read_io_threads=32

innodb_write_io_threads=16

systemctl restart mariadb.service

**  mariadb 재시작 시 error 가 발생하는 경우가 생긴다.

이 때 /var/lib/mysql/  

ib_logfile0

ib_logfile1

ibdata1

3개의 파일을 삭제 한 뒤 다시 시작하면 된다.

참고url

https://www.vultr.com/docs/how-to-install-cacti-1-1-on-centos-7

http://idchowto.com/?p=11107

* 환경

  - Ubuntu 16.04 LTS

  - Cacti 1.1.38.tar.gz

apt-get update

apt-get upgrade

## Mysql Server 설치

apt-get install mysql-server-5.7   (최신)

## php, apache2 설치

apt-get install php-xml php-ldap php-mbstring php-gd php-snmp php-gmp rrdtool snmp librrds-perl apache2

## Cacti 1.1.38 다운 (최신)

wget https://www.cacti.net/downloads/cacti-1.1.38.tar.gz

cacti-1.1.38.tar.gz

## cacti 압축 해제

tar zxvf cacti-1.1.38.tar.gz

mv cacti-1.1.38 /opt/cacti

## Log 경로 설정

mkdir /opt/logs

  touch /opt/logs/cacti.log

  touch /opt/logs/httpd_access.log

  touch /opt/logs/httpd_error.log

  chown -R www-data /opt/logs/*

## Mysql cacti DB 생성

mysqladmin --user=root --password create cacti

mysql --user root -p cacti < /opt/cacti/cacti.sql

 mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql

 mysql --user root --password mysql

###Enter your mysql root password.
###This will enter you into the mysql console for mysql database.
###NOTE: ‘somepassword’ referenced here is the cacti user password and must be the same as used in cacti configuration in the next section

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'somepassword';
mysql> GRANT SELECT ON mysql.time_zone_name TO cacti@localhost IDENTIFIED BY 'somepassword';

Exit

## cacti config 수정

vi /opt/cacti/include/config.php 

### Find these variables and make the following changes

$database_type = 'mysql';
$database_default = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cactiuser';
$database_password = somepassword;
$database_port = '3306';
$database_ssl = false;
$url_path = '';

##  file permissions 설정

chown -R www-data:www-data /opt/cacti/resource/snmp_queries

  chown -R www-data:www-data /opt/cacti/resource/script_server

  chown -R www-data:www-data /opt/cacti/resource/script_queries

  chown -R www-data:www-data /opt/cacti/scripts

  chown -R www-data:www-data /opt/cacti/rra/ /opt/cacti/log/

  chown -R www-data:www-data /opt/cacti/cache/mibcache

  chown -R www-data:www-data /opt/cacti/cache/realtime

  chown -R www-data:www-data /opt/cacti/cache/spikekill

##   Apache config

touch /etc/apache2/sites-available/cacti.conf

  vi /etc/apache2/sites-available/cacti.conf 

<VirtualHost *:80>

    <Location />
       require all granted
   </Location>

   ServerAdmin webmaster@localhost
   DocumentRoot /opt/cacti
   ErrorLog /opt/logs/httpd_error.log
   CustomLog /opt/logs/httpd_access.log combined

</VirtualHost>

  rm /etc/apache2/sites-enabled/*

  a2ensite cacti.conf

##   crontab 등록

vi /etc/crontab

###Add line at bottom

*/5 * * * * www-data php /opt/cacti/poller.php > /dev/null 2>&1

##  MySQL my.cnf 튜닝

vi /etc/mysql/mysql.conf.d/mysqld.cnf

###Add following lines to the bottom of the configuration file:

Max_heap_table_size = 256M
Tmp_table_size = 64M
Join_buffer_size = 64M
Innodb_doublewrite = OFF
Innodb_buffer_pool_size = 963M
Innodb_flush_log_at_timeout = 3
Innodb_read_io_threads = 32
Innodb_write_io_threads = 16

/etc/init.d/apache2 restart

/etc/init.d/mysql restart

*****  여기까지 했지만 cacti server IP 접근을 해도 500 error 만 나오고 정상적으로 열리지 않았다.

온갖 구글링을 해서 php7.0 버전이 너무 높아 호환성 에러가 나는 것을 찾았다.

apt-get install libapache2-mod-php

apt-get install php-curl

apt-get install php-mysql

추가 설치 후 정상 접속 가능

##    cacti 접속 후 기본 setup

http://[cacti server IP address]

default account 

admin  //  admin

참고 url

https://www.blackhillsinfosec.com/how-to-install-cacti-on-ubuntu/

https://www.phpschool.com/gnuboard4/bbs/board.php?bo_table=qna_function&wr_id=391359

https://github.com/spotweb/spotweb/issues/134

https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/setup-cacti-network-monitoring-tool-on-ubuntu-14-04-linux-mint-17.html